Is it possible to use ssh authorized_keys with the DroboShare app Dropbear?
I’ve been trying with no success. It is possible using dropbear on busybox, but I’ve not been successful, even following hints listed here: https://forum.openwrt.org/viewtopic.php?id=181
I’d love to figure this one out.
Thanks for the link. I guess I’ll give that a shot too, though sounds like I’ll be beating my head against the wall. If I have any different results than you had, I’ll post.
I wrote to Matt Johnston (creator of Dropbear) and here is what he said in regards to this thread and if authorized keys would work on Drobo:
“I’m not sure - I know some systems like OpenWRT have set it up so there’s /etc/dropbear/authorized_keys, no idea if Drobo does that. By default I’d assume ~/.ssh/authorized_keys should work.”
So maybe I’ll give it another shot.
Thanks!
I’ve tried both locations. With DSA, not RSA keys. Neither has worked. Do we know who compiled dropbear for the drobo? perhaps we can ask them if they compiled it to support key exchange…
Anyone know who compiled dropbear for droboapps? I’d love a new version that will accept keys for authentication. This will allow for scripted rsync backups…
The long silence makes me think this has still not been resolved… Any more thoughts?
Bruce
It looks like the dropbear binary was compiled by Data Robotics, only the start and stop scripts are in the install package. Public key authentication is a really key component of ssh. I don’t understand why they would have removed it from the distribution of the DroboShare.
Could someone at DataRobotics PLEASE make a whole version of the dropbear binary available?
Bruce
Hello,
I am trying to connect to droboshare through ssh.
I put my public key to /root/.ssh/authorized_keys but the sshd is still requesting my password ?
Do you know how I can handle the ssh keys with droboshare ?
Thank you
No luck. I picked this back up over the weekend and still no luck. If anyone manages to get it working, please post.
You have to re-compile the dropbear executable. It gets MUCH bigger. I tried to post this version onto the forum but it was never made public by the board admin. Until Data Robotics adds this part of the ssh definition, there really isn’t any reason to try to get pubkey auth working. Save your time, don’t even bother trying.
So did you get it working by recompiling the dropbear?
Yep, it works great. Try pestering the board ops to see if they will post my version. Or better yet, include a standards compliant SSH in the DroboShare to begin with!!
not sure if this helps but for drobofs, i replaced the dropbear.key under /mnt/DroboFS/Shares/DroboApps/dropbear using RSA
Make certain that .ssh and authorized keys have the right permissions.
chmod 700 .ssh
chmod 600 .ssh/authorized_keys
With that in place, this works for me.
what error are you getting and where?
ok, got it working tonight on my new DroboFS in about 5 minutes, it’s a standard ssh setup, nothing special, no rebuilds needed (at least not with 1.0.5 firmware). Here’s how with lots of details for those not familiar with ssh or embedded linux platforms:
- ssh in with password and create the .ssh directory. This will end up being /mnt/DroboFS/.ssh in my case (on a DroboFS, DroboShare users might need a different mount point… check what root’s home dir is set to in /etc/passwd, it’s the next to last colon separated field in the output of “grep root /etc/passwd”). It’s important to note that it’s NOT /root/.ssh as many would think, as the system doesn’t use /root as root’s home.
- set the appropriate permissions on that dir: chmod go-rx .ssh
- copy your authorized_keys file to a share, I used Public. Note: if you’re using a modern linux distro or a mac, likely you have an authorized_keys2 file… note that dropbear doesn’t know that file, rename it without the 2!
- move said file into the dir you just created
- set the appropriate permissions on that file: chmod go-rw .ssh/authorized_keys

So in summary, the sequence of commands in the ssh session looks like:
mkdir .ssh
chmod go-rx .ssh
mv Shares/Public/authorized_keys2 .ssh/authorized_keys
chmod go-rw .ssh/authorized_keys
Got the same solution today with a lot of trial and error and now reading your post makes me :(. But that means: it works :)!
If you first install the client (Description here) you don’t need to create this folder. It’s created by the client to store the “known_hosts”-file. One can just add the “authorized_keys” file with the command:
# vi authorized_keys
If you add an .ssh/id_rsa.pub which you can generate with the dropbearconvert or dropbearkey (included in the ssh client):
# dropbearkey -t rsa -f .ssh/id_rsa.pub
… you can connect from the Drobo FS to another Server using public key SSH. That’s nice for rsync.
The command is:
# dbclient -i .ssh/id_rsa.pub user@server
(if you’re located in the home dir!)
Yes. This works for me too. Thanks guys. This was a big help.
Every time I set up public key SSH I mess up something, as right now it’s not working. I created the authorized_keys file on my MacBook Pro, copied it over, and created the proper .ssh directory, moved in the keys file, and set the permissions. Restarted dropbear. Still no go. Here’s a redacted transcript of a login session:
[code]jochs@lightning ~ $ ssh root@drobo
root@drobo’s password: < entered password manually >
ls -al .ssh/
drwx------ 2 root root 4096 Sep 28 21:12 .
drwxr-xr-x 6 root root 4096 Sep 28 21:12 ..
-rw------- 1 root root 397 Sep 28 21:12 authorized_keys
cat .ssh/authorized_keys
ssh-rsa REDACTED jochs@lightning
[/code]
looks like a problem i had. i copy&pasted my rsa-id into the authorized_keys on the drobo and it put newlines in it. the key has to be in one line only!
perhaps you like to rebuild authorized_keys with vi directly on the drobo. I don’t like this moving files around thing very much. Just run rm ~/.ssh/authorized_keys && vi ~/.ssh/authorized_keys
on the drobo and paste the response of cat ~/.ssh/id_rsa.pub
on your MacBook into the drobo terminal window. no permission changing required!
(if you don’t know vi: hit “i” before pasting and “ESC” after. to quit and save write: “:wq”)
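
The checks from the DroboFS step-by-step post (root's real home directory, the 700/600 permissions, the authorized_keys2 rename) and from the wrapped-key reply above can be run in one pass. This is an added example, not code from any poster or from Data Robotics; the function names are hypothetical, and it assumes a POSIX shell with awk, ls and cut available on the device.

```shell
#!/bin/sh
# Added example (not from the thread): audit one home directory for the
# public-key login pitfalls discussed above. Function names are hypothetical.

# Print a user's home directory: field 6 of a passwd-format file.
home_of() {  # $1 = user, $2 = passwd file (default /etc/passwd)
    awk -F: -v u="$1" '$1 == u { print $6 }' "${2:-/etc/passwd}"
}

# Succeed only if group and other have no permission bits at all,
# i.e. the 700 / 600 modes recommended in the thread.
private_mode() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Count non-comment lines that lack "<key-type> AAAA...". A key that was
# wrapped while pasting leaves continuation lines that fail this test.
# (SSH public key blobs always begin with base64 "AAAA".)
broken_lines() {
    awk 'NF && !/^#/ &&
         !/(^|[ \t])(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[^ \t]+)[ \t]+AAAA/ { n++ }
         END { print n + 0 }' "$1"
}

# Print findings for home directory $1; return the number of problems.
check_authkeys() {
    d="$1/.ssh"; f="$d/authorized_keys"; bad=0
    [ -d "$d" ] || { echo "missing directory: $d"; return 1; }
    private_mode "$d" || { echo "fix: chmod 700 $d"; bad=$((bad + 1)); }
    if [ ! -f "$f" ]; then
        [ -f "${f}2" ] && echo "fix: rename ${f}2 to authorized_keys"
        echo "missing file: $f"
        return $((bad + 1))
    fi
    private_mode "$f" || { echo "fix: chmod 600 $f"; bad=$((bad + 1)); }
    n=$(broken_lines "$f")
    if [ "$n" -gt 0 ]; then
        echo "fix: $n line(s) in $f are not a complete key (wrapped paste?)"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# Usage on the device: check_authkeys "$(home_of root)"
```

A return status of 0 means none of the thread's known pitfalls were found; each `fix:` line names the command or edit to apply.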